Date: Thu, 9 Jun 2005 15:23:00 -0400
From: "James Bowman Sineath, III" <sineathj1@citadel.edu>
To: "Danny Howard" <dannyman@toldme.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: ipf blocking pass rule
Message-ID: <001001c56d28$a67c4a90$0463a8c0@GARUDA>
References: <NHBBKEEMKJDINKDJBJHGCECGJCAD.john@day-light.com> <004301c56c8a$686010a0$0463a8c0@GARUDA> <42A88757.8070601@toldme.com>

Thank you, I wasn't aware that it did that.

Your response was my first impression as well, however I looked at it further and I don't believe that is the case. When I have log first in my other rules, it rarely takes effect. I used it to cut down on the number of logs produced, but it only does so within a very short amount of time. I also have not experienced that problem with any other rules or ports, even though I have log first in most of my rules.

It always seems to block every other connection attempt, regardless of timing. It passes the first connection, then the second connection occurs five minutes later and is blocked, then the process is repeated. Five minutes later I get another connection attempt that is passed, then the next one is blocked five minutes later. I don't have this problem with any other ports or rules, even though this rule is identical to my other pass in rules except for port number.

Thanks again.

> James Bowman Sineath, III wrote:
>
> James,
>
> You should send messages to the list directly. When you start your
> question by hitting "reply" to a question about shell accounts, your
> message will be lumped under there in a lot of mail clients, and is less
> likely to be seen.
>
>> I have the following rule in my ipf.rules:
>>
>> pass in log first quick on xl0 proto tcp from any to any port = 25 keep state
>>
>> for some reason it will pass the first connection but block the next. A
>> log is below. Any ideas on why this is happening would be much
>> appreciated.
>
> I'm no IPF expert, but I'd wonder if "pass in log FIRST quick" is doing
> exactly what you describe correctly ...
>
> -d
>
> --
> http://dannyman.toldme.com/